Tag Archive | "Leaked"

Google Chrome, Mozilla Firefox Leaked Facebook User Data Caused by Browser Vulnerability

Google Chrome and Mozilla Firefox might have inadvertently leaked the Facebook usernames, profile pictures and even the likes of their users because of a side-channel vulnerability.

The side-channel vulnerability was found in the CSS3 feature “mix-blend-mode.” It allowed an attacker to discover the identity of a Facebook account holder using Chrome or Firefox by getting them to visit a specially designed website.

This critical flaw was discovered in 2017 by security researchers Dario Weißer and Ruslan Habalov and also by independent researcher Max May.

The researchers created a proof-of-concept (POC) exploit to show how the vulnerability could be misused. Weißer and Habalov’s concept showed how they were able to visually harvest data like username, profile picture, and “like” status of a user. What’s more, this insidious hack could be accomplished in the background when the user visits a malicious website.

The visual leak could happen on sites using iframes that connect to Facebook via login buttons and social plugins. Due to a security feature called the “same-origin policy,” sites can’t directly access iframe content. But the researchers were able to get the information by developing an overlay on the cross-origin iframe in order to work with the underlying pixels.

It took Habalov and Weißer’s POC about 20 seconds to get the username and about five minutes to create a vague copy of the profile picture. The program also took about 500 milliseconds to check the “like” status. Keep in mind, however, that for this vulnerability to work, the user must be logged in to their Facebook account.

Habalov and Weißer privately notified both Google and Mozilla and steps were taken to contain the threat. Google was able to fix the flaw on their end when version 63 was released last December. On Firefox’s end, a patch was made available 14 days ago with the release of the browser’s version 60. The delay was due to the researchers’ late disclosure of their findings to Mozilla.

IE and Edge browsers weren’t exposed to the side-channel exploit as they don’t support the needed feature. Safari was also safe from the flaw.


The post Google Chrome, Mozilla Firefox Leaked Facebook User Data Caused by Browser Vulnerability appeared first on WebProNews.


Posted in IM News

Nokia 9 Smartphone: Leaked Promo Video Confirms Specs!

Images of the new Nokia 9 have been leaked online, which teases the first high-end phone from HMD Global. It’s not yet clear if this leak is “accidental,” but it did create hype for the new Android phone from Nokia.

The phone itself was encased in a thick blue screen, which some tech news sites agree covered much of the details of the boxy gadget. However, some of the images do lend credence to earlier speculations that it will come with dual 13-megapixel cameras, 4K recording, as well as LED flash.

There seems to be a USB-C port at the bottom of the gadget and a 3.5mm headphone jack, which seems to indicate that the Nokia 9 won’t be competing against the newer iPhones in that regard.

Underneath, the phone will have a 5.3-inch, 2560 x 1440-pixel QHD display, with 4GB of RAM, and 64 GB of storage. The Nokia 9 will allegedly be powered by a Qualcomm Snapdragon 835 processor and will run on Android 7.1.1.

There is also a fingerprint sensor at the front of the phone, while the design suggests a thick bezel. The design itself has failed to impress, but this is still a prototype, so it’s unfair to judge the Nokia 9 based on unofficial images.

This is not Nokia’s first foray into Android phones since Microsoft sold the brand to HMD Global and Foxconn late last year. In January this year, HMD released Nokia 6, which boasts a 1.1GHz octa-core Qualcomm Snapdragon 430 processor mated to 3GB of RAM and sold for about $250.

HMD already released Nokia 3, Nokia 5, and the new iteration for the Nokia 3310. Based on its schedule, Nokia 7, Nokia 8 and Nokia 9 will likely be released this year. In fact, a video of what seemed to be an ad for Nokia 8 was also leaked. Reportedly, the ad was taken down immediately, but not before it was saved by users.

It is still unclear how the Nokia 9 will match up to the Samsung Galaxy S8 or the iPhone 7 and iPhone 7+ because the specs for this new phone are not out yet. Between now and its release, there might also be additional features that will be added by the company’s engineers to show to the world that Nokia, indeed, is back.

HMD has not issued any statement regarding the Nokia 9 leak.

The post Nokia 9 Smartphone: Leaked Promo Video Confirms Specs! appeared first on WebProNews.



Leaked 2012 FTC Document Called Google A Monopoly, Recommended Litigation

An “inadvertently disclosed” report from the Federal Trade Commission (FTC) labels Google a monopoly and appears to directly contradict the decision not to pursue legal action against the company. In early 2013 the FTC formally decided to close its antitrust investigation against Google…

Please visit Search Engine Land for the full article.



Panda 4.1 Google Leaked Dos and Don’ts – Whiteboard Friday

Posted by josh_bachynski

Josh Bachynski takes you inside Panda 4.1 with a tour of some of the top dos and don’ts for your website. And it’s about so much more than the standard “good content” refrain. Watch the video to learn more.

For reference, here’s a still of this week’s whiteboard!

[Image: Whiteboard Friday board]

Video Transcription

Hi and welcome to a Whiteboard Friday with Josh Bachynski, who some people call the Ginger Rand. Today I want to talk about Panda 4.1 and the Google leaked dos and don’ts. Recently, another algorithm named Penguin has been getting a lot of attention in Google. But I want to make sure that we don’t forget about Panda.

Penguin is to SEO as kind of like Jason Voorhees, if you will. It’s very scary, and it comes around every now and then and slices and dices websites. But Panda is more, in my opinion, kind of like Freddy Krueger. He’s always kind of there in the background, in your nightmares, waiting to strike at any site, whether they think they’re breaking the rules or not.

So I think it’s very important to keep Panda in mind, even in the wake of Penguin craziness. “Okay, Josh,” you ask, “well then what can we do to fix Panda or deal with Panda?” Well, Google has, in the past, three years ago, produced a set of very vague questions that are supposed to be intended to help websites deal with Panda. However, I found this unsatisfactory, and many webmasters have found this unsatisfactory.

So what I did, because apparently I have very little to do with myself, I scoured the Internet for the last two or three years for every single reference of Panda I could find, from John Mueller, from Maile Ohye, from Pierre Far, from Gary Illyes, all of the various Google employees that I could find, including the elite Quality Raters Guidelines. I scoured all the references from these materials coming directly from Google of any reference they made to a quality algorithm, any specific, actionable thing they said to do based on that quality algorithm.

What I did is I made a complete list, a complete do’s and don’ts list. Now the complete list is on my website, which I’ll share in a second. It takes me about an hour to go through the whole thing, so what I wanted to do for the wonderful Mozzers on Whiteboard Friday was to collect just kind of the top four dos and the top four don’ts and talk about those in a way that’s more specific than the vague questions and I hope more helpful, but also short enough that I can condense into a Whiteboard Friday.

So I bet you’re thinking to yourself, Josh, if you’re going to tell me just to make good content, I’m going to hurl. I don’t want anyone to hurl. Please don’t hurl. So I’m going to get to some specifics actually.

Here they are here. The collapsed do and don’t list. The first section is the do list, and I’ve broken it down into four major dos that you should pay attention to for your website.

The first one is ensure task completion. Google’s been talking a lot about task completion, more on the mobile side, but also on the desktop side as well. On my Panda list, when I scoured all the Google sources for this information, I found that they talk a lot about having to worry about your user metrics, what users are doing on your site, whether or not they’re satisfied with your content, whether they’re bouncing back to Google, or they’re leaving your site to go directly to some other site.

So I boiled that all down to say ensure task completion. Whatever tasks that page is supposed to complete, you want to make sure it completes it. If it’s a sign-up page, you want to make sure they sign up. Above the fold, you want to make sure it loads in the first three seconds and the main content is very clearly a sign-up page, if it’s supposed to be a sign-up page. Or a download page, or if it’s supposed to be information, if they wanted top five tips on X, Y, or Z, on Freddy Krueger, what are the five top best things about Freddy Krueger, it should say that above the fold so they can complete that task and Google can make sure they can track that they complete that task.

Of course, your analytics will tell you whether or not you’re succeeding in that regard. If you see a lot of drop offs on that page, that could be a problem because those could be bounces back to Google.

Number two, you want to make sure you have various offsite references. So what kind of references am I talking about? I’m talking about any possible reference that you can get. Any way that Google can tell that this is a quality site, that people recommend this site, that’s what you want. So you want people in the social world talking about you, sharing you, any of the major social networks, I don’t care. Also, you want the experts in those particular social networks talking about you.

For example, if you are in SEO and if Rand Fishkin or other top SEOs are not talking about your content, that’s a problem, because Google knows very well who the experts are, and they definitely will take into consideration if experts are talking about your content. At least, this is what I found on my list. For all the references again, you can go back to my list, which I’ll mention out loud in a second.

Also, of course, you want links. Everyone knows you want links. But the links, of course, should be topical. If there is a forum in your industry or a blog in your industry or a magazine in your industry or a newspaper, anything like that in your industry, if they’re not talking about you, that’s a problem. You want to make sure they’re talking about you, and, of course, it should be in a positive way. Hopefully, they’re not talking about you in a negative way. That could be an issue.

Finally, you want to make sure you get reviews. The four star rating, nine out of ten blips, eight out of four blops, whatever it is, you want to make sure you get reviews, and they should be on independently verified sources, but also that Google can read, so Yelp, Zagat, and Google+. If you’re not a local-based business, you still probably want some good reviews or references from the Better Business Bureau or Wikipedia or any kind of these other forums I talked about that are your industry specific. That is all telling Google that this site is a quality site.

Three, you want to make sure you have reputable business information on every page. This was something that was a little bit striking, that a lot of people don’t know about. You want to make sure that you have on every page your address, your phone, and contact information. You want to make sure on your site you have a robust mission statement, a robust company directory. Not just a form with just kind of a standard WordPress form, where you click it and it might email somebody or it might not. You want to make sure that all the business information on your website, the phone number, the address are current and correct and that they can easily contact you and tell that you’re a reputable business from any given page. That includes copyright information as well. You want to make sure your copyright is up to date on the site.

Finally, you want to make sure you cite your sources. Google is a company run by academics, and so it should be unsurprising to find that these academics want you to — what did they tell you in college — cite your sources. So if there are any big Wikipedia articles or any larger industry related websites that talk about your information, you should be giving a link out to those people. You should be citing your source and indicating to Google that you’re an upstanding web citizen, or, at the very least, you know who the big dogs are in your industry and you’re citing those sources when it is applicable.

There are many more things you should be doing, but again, I can’t go through them all. So please go to my website to see, one, where I got the references for all this information. I’m not just making it up. I actually found places where actual Googlers have said this. You can check the other dos.

Now let’s go to the don’ts. Now, if you go check my list, you’ll see there are far more don’ts than there are dos, which I guess that’s the state of the union as it is right now. But some of the most important don’ts I’ve listed here.

One, you want to make sure that you do not repeat keywords anywhere. This is important. You don’t want to repeat keywords too much on page, and you don’t want to repeat keywords too much across the site. You don’t need ten pages about your pink shoes, blue shoes, green shoes. You don’t need ten pages about the law you do in New York and Boston and Winnipeg and Toronto and Nunavut or wherever else you’re doing law. This is definitely kind of a spammy signal for Google, and Google has mentioned this a million times in a bunch of different places, which I list.

Also you don’t need to pepper your text with multiple keywords either, especially not to link it to other pages on your site just to try and make Google understand you’re about that. Google already knows you’re probably about that topic.

Tying directly to that, you don’t want to make content just for SEO’s sake. You see this quite a lot, that people think that they need to update their blog on a weekly basis, or they think that they have to have that freshness signal, and they will sacrifice quality of content for rapidity of publishing.

Again, that is something that Google had mentioned a bunch of times. This is low-quality content, and you don’t need it. Rand has shared numerous posts, and Moz has shared numerous posts about it. If there’s no one to amplify your content, then there’s no point in doing so. If you’re not going to publish content that people go “wow” about, then you don’t need to publish it, and you can save that money.

Three, you don’t want to forget your tie. What do I mean by that? What I mean is, when you go to a job interview, you don’t want to forget your suit or forget your tie. The website is the exact same thing. You want to make sure you’ve crossed all the i’s and dotted all the t’s or crossed all the t’s or dotted all the i’s, or however it goes. You want to make sure that the spelling and grammar has been checked, that all the pages have been checked for errors, that there are no miscellaneous 500 errors, there are no naked Apache 404 errors. You want to make sure that, essentially, the website has been looked over and proofed. This is, as Google tells us, a direct signal that they’re looking for in their quality algorithms. It makes sense because you don’t want to see a site that has these kinds of errors on it.

Finally, the one that I’ll share with you today, number four and this is another controversial one, is you do not want to interfere with the website usage with ads. So Google has been very clear in the Quality Raters Guidelines, in particular, and in a few other leaks from a few other Googlers, that you do not want to interrupt the user process of them going through your page by having a giant ad here and a giant ad here and a pop-up that comes up that they have to click away and then they’re scrolling and reading down a little bit more, and then there’s another ad that gets in the way. They have to scroll past that. This was directly mentioned in the Quality Raters Guidelines as a very blatant, low-quality site signal.

I know it cuts into revenue, and I know it could be an issue for some sites to have to consider to change this. But again and again, every Panda review that I do, I see issues like this as well.

So that is the condensed Do and Don’t List. Again, I have references for where I found all this information, and I have a much, much longer don’t list, about 26 items on that don’t list that I was able to find over the last 3 years. So please go ahead and check it out on my site. The site is called TheMoralConcept.net/pandalist.html. Hopefully, that’ll be down there somewhere in the blog.

Thanks for paying attention. Thanks for watching. Again, my name is Josh Bachynski. You can email me if you have any questions about this or any SEO questions at all. There’s my ungodly long last name and my email that you can try to email me from. So thanks very much for watching, and we’ll see you next time.

Video transcription by Speechpad.com


Moz Blog


Leaked Screenshot Shows Start Button Is Back In Windows 8.1

Windows Blue is now officially Windows 8.1. It will enter into a public beta in June. It’s rumored that the start button and a boot to desktop mode will be offered alongside numerous other updates. Thanks to a leaked screenshot, we can seemingly confirm one of those rumors.

Paul Thurrott’s Supersite for Windows shared the following screenshot today that shows the Start button is back in Windows 8.1, and it’s looking better than ever:

[Image: leaked screenshot of Windows 8.1 showing the Start button]

The Start button will behave mostly as it did in Windows 7 with a few key Windows 8 eccentricities. For starters, hovering over the Start button changes its color in much the same way the Start charm changes color in the current build of Windows 8. It’s also impossible to turn off the Start button, at least for now. That should ensure that newcomers to Windows 8 won’t be confused by the lack of a Start button.

Thurrott also reveals two more really interesting tidbits about Windows 8.1. The first is that you can use your own wallpapers now as backgrounds in the Start menu. Previously, you could only use a small number of Microsoft-designed illustrations and colors. Secondly, a boot to desktop mode is indeed present, but it is turned off by default. It’s understandable as Microsoft is still trying to sell consumers on the walled garden Start screen experience.

Microsoft will presumably make all of this and more official later in June when it releases the Windows 8.1 public preview on June 26.

